CN113032826A - Encrypted electronic document sharing method based on multi-level authorization - Google Patents
Encrypted electronic document sharing method based on multi-level authorization Download PDFInfo
- Publication number
- CN113032826A CN113032826A CN202110292394.2A CN202110292394A CN113032826A CN 113032826 A CN113032826 A CN 113032826A CN 202110292394 A CN202110292394 A CN 202110292394A CN 113032826 A CN113032826 A CN 113032826A
- Authority
- CN
- China
- Prior art keywords
- authorization
- document
- platform
- sharing
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses an encrypted electronic document sharing method based on multi-level authorization, which comprises the following steps: s1, creating identity information on the virtual platform, and obtaining corresponding identity identification information and an authorization code decryption private key; s2, acquiring the shared document file through the network, and encrypting the shared document file; and S3, the virtual platform performs identity authentication on the shared document file. The invention has the beneficial effects that: a basic document encryption scheme is provided, and meanwhile, an authorization management scheme of all use scenes is also provided; under the environment of developing and using the universal reader, a purchaser and a reader of a shared document only need to master the familiar reader, a content provider and a platform provider only need to establish an authorization center, and even authorization can be trusteed to a third-party authorization center, so that the technical difficulty of the content provider and the platform provider in participating in document sharing is greatly reduced.
Description
Technical Field
The invention relates to the technical field of computer networks, in particular to an encrypted electronic document sharing method based on multi-level authorization.
Background
The document sharing can be realized by simultaneously viewing and editing the same document by multiple persons; the specific document can also be downloaded for payment or free through the identity authentication of the document sharing platform, the documents in the two sharing modes are provided for the end user in an unencrypted or encrypted form, and the encrypted format of the documents needs to be downloaded to a special reader for viewing.
In encrypted document sharing, because encryption schemes are different and the technical basis of a uniform reader is lacked, a user needs to install a plurality of platform-specific readers to see documents of a plurality of platforms, and the reading experience is affected because the operation habits and functions of each reader are greatly different; meanwhile, a user cannot establish a uniform electronic resource library, digital documents are inconvenient to store and use, and in the organization market, the management and maintenance costs of customers in various aspects of systems, data storage and readers are increased sharply due to various special readers and management platforms; on the other hand, most platforms need to develop their own dedicated readers, and also face the difficulties of multiple devices and multiple operating system environment versions, and these repeated developments will bring huge software development and operation costs, which will ultimately be passed on to the reading cost of users.
The problem is concentrated on the document reader, the basic scheme for solving the problem is to develop a general reader, and with the development of digital reading, a plurality of enterprises with large-scale professional general readers are born, but at present, the reader products of the developers cannot share the document field, and the main reason is that all parties participating in document sharing: developers, customers, and shared platforms lack mutual trust. An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
Aiming at the technical problems in the prior art, the invention provides an encrypted electronic document sharing method based on multi-level authorization, which is an authorization and trust method between a user and a virtual platform and can overcome the defects in the prior art.
In order to achieve the technical purpose, the technical scheme of the invention is realized as follows: an encryption electronic document sharing method based on multi-level authorization comprises the following steps:
s1, creating application on the virtual platform, and enabling a reader developer to obtain corresponding identity identification information and an authorization code decryption private key;
s2, acquiring a shared document file through a network, wherein the shared document file is encrypted in advance;
and S3, the virtual platform performs identity authentication on readers sharing the document file.
Further, in the S1, the virtual platform includes a sharing platform and a selling platform.
Further, in the S2, the shared document file is encrypted by AES in advance.
Further, in the S3, the reader of the shared document file does not need to be authenticated, and immediately obtains the authorization code.
Further, in S3, the reader of the shared document file needs identity authentication, further authenticates in the virtual platform authentication center, and obtains the authorization code again, wherein the authorization code is encrypted by the public key of the decryption private key pair.
Further, in S3, after the identity authentication is successful and before the document is read, the document code and the authorization address of the shared document file on the virtual platform are obtained from the shared document file package part, and the authorization code is obtained at the authorization address specified by the virtual platform through the document code and the identity information.
Further, the virtual platform is a sharing platform, the sharing platform and a reader reading the document cache identity information through a token, and an authorization code is obtained at an authorization address specified by the virtual platform through the document code, the identity identification information and the token.
Further, the token is not invalid, and the virtual platform directly acquires the authorization code; and if the token is invalid, the identity authentication needs to be carried out again, and a new token and an authorization code are obtained after the identity authentication is successful.
Further, the virtual platform is a sales platform, the reader encrypts a private key through an authorization code to decrypt an authorization token, obtains a document code and an authorization address distributed by a third party in a shared document file packaging part, and obtains the authorization code of the third party from the document code and the token to an authorization address specified by the third party; and the third party verifies on the sales platform through the token, determines that the document and the user are valid, and acquires the encrypted public key and the authorization code.
Further, the reader receives the authorization code, decrypts the authorization code through the private key, and inputs the authorization code for normal reading.
Further, the virtual platform limits the access amount of the same user in unit time, and adds watermarks to the shared document file.
The invention has the beneficial effects that: a basic document encryption scheme is provided, and meanwhile, an authorization management scheme of all use scenes is also provided; under the environment of developing and using the universal reader, a purchaser and a reader of a shared document only need to master the familiar reader, a content provider and a platform provider only need to establish an authorization center, and even authorization can be trusteed to a third-party authorization center, so that the technical difficulty of the content provider and the platform provider in participating in document sharing is greatly reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a block diagram of a process for a reader developer to create an application on a virtual platform according to an embodiment of the invention;
fig. 2 is a block diagram of a process of a reader developer obtaining an authorization code on a virtual platform according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating a multi-level authorization process between a reader developer and a sales platform and a manufacturer platform according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
As shown in fig. 1 to 3, an encrypted electronic document sharing method based on multi-level authorization according to an embodiment of the present invention includes the following steps:
s1, creating application on the virtual platform, and enabling a reader developer to obtain corresponding identity identification information and an authorization code decryption private key;
s2, acquiring a shared document file through a network, wherein the shared document file is encrypted in advance;
and S3, the virtual platform performs identity authentication on readers sharing the document file.
In an embodiment of the present invention, in S1, the virtual platform includes a sharing platform and a selling platform.
In a specific embodiment of the present invention, in the S2, the shared document file is encrypted in advance by AES.
In an embodiment of the present invention, in the S3, the authorization code is immediately obtained without requiring identity authentication for the reader of the shared document file.
In an embodiment of the present invention, in S3, the reader of the shared document file needs identity authentication, further authenticates in the virtual platform authentication center, and obtains the authorization code again, where the authorization code is encrypted by the public key of the decryption private key pair.
In a specific embodiment of the present invention, in S3, after the identity authentication is successful, the document is read, the document code and the authorized address of the shared document file on the virtual platform are obtained in the package portion of the shared document file, and the authorized code is obtained at the authorized address specified by the virtual platform through the document code and the identity information.
In a specific embodiment of the present invention, the virtual platform is a shared platform, the shared platform and a reader reading a document perform caching of identity information through a token, and an authorization code is obtained at an authorization address specified by the virtual platform through the document code, the identity identification information, and the token.
In a specific embodiment of the present invention, the token is not invalid, and the virtual platform directly obtains the authorization code; and if the token is invalid, the identity authentication needs to be carried out again, and a new token and an authorization code are obtained after the identity authentication is successful.
In a specific embodiment of the invention, the virtual platform is a sales platform, the reader encrypts a private key through an authorization code to decrypt an authorization token, obtains a document code and an authorization address distributed by a third party at a shared document file packaging part, and obtains the authorization code of the third party from the document code and the token to an authorization address specified by the third party; and the third party verifies on the sales platform through the token, determines that the document and the user are valid, and acquires the encrypted public key and the authorization code.
In a specific embodiment of the present invention, the reader receives the authorization code, decrypts the authorization code by the private key through the authorization code, and inputs the authorization code for normal reading.
In a specific embodiment of the present invention, the virtual platform limits the access amount of the same user in a unit time, and adds a watermark to the shared document file.
In order to facilitate understanding of the above-described technical aspects of the present invention, the above-described technical aspects of the present invention will be described in detail below in terms of specific usage.
When the method is used specifically, a technical basis for developing a universal reader is established by providing trust schemes between a developer and a platform provider, between the developer and a content producer and an authorization scheme for product circulation between the platform provider and the content producer under a network environment according to the encryption electronic document sharing method based on multi-level authorization.
The shared document file is issued in an industry standard format, the file is encrypted by a high-strength encryption method, an encrypted version reaches a reader end, the shared document can be read only by acquiring a decryption password through a multi-stage authorization way, and if an authorization code is to be acquired, trust needs to be established among entities participating in sharing.
The trust relationship between the developer and the platform dealer is as follows:
the platform business is a sharing platform, developers register on the sharing platform and distribute identity information of the developers, and the information is automatically refreshed through functions provided by the sharing platform; acquiring developer identity identification information and an authorization code decryption private key; the developer identity information comprises an identity code appID and a password appSect, and an additionally added authorization code encrypts a private key, so that the transmission security of the authorization code is enhanced;
the private key and the public key are a pair of passwords in an RSA encryption mode, the public key is kept by the sharing platform, the document authorization code is encrypted by the public key before being sent, and the reader decrypts the document authorization code by the private key after obtaining the authorization code.
Obtaining a document through a network or other exchange modes, encrypting the document by using AES (advanced encryption standard), and acquiring a document code of the document on a sharing platform and an authorized address of the sharing platform from a document packaging part by a reader when the document is read; obtaining an authorization code from an authorization address specified by the sharing platform by using the document code and the identity identification information;
if the document does not need identity authentication, the sharing platform judges that the document is used anonymously or freely and immediately acquires an authorization code; otherwise, guiding the user to a login page of the shared platform authentication center, obtaining the authorization code again after login is successful, and obtaining the authorization code of the encrypted version by the shared platform;
in order to avoid reading a plurality of documents and frequent login authentication, the sharing platform and the reader can cache identity information in a token mode, and acquire authorization codes from a document code, identity identification information and a token to an authorization address specified by the sharing platform, wherein if the token is not overdue, the sharing platform directly acquires the authorization codes; if the token is out of date, the user needs to log in again, and the token and the authorization code are obtained after the login is successful;
the reader receives the authorization code and decrypts by using a private key; and then the document is decrypted by the authorization code for normal reading.
Trust relationship between the platform dealer and the producer:
the platform manufacturer is a sales platform, the reader encrypts a private key through an authorization code to decrypt an authorization token, obtains a document code and an authorization address distributed by a manufacturer in a shared document file packaging part, and obtains the authorization code of the manufacturer from the document code and the token to the authorization address specified by the manufacturer; the manufacturer verifies the document and the user on the sales platform through the token, determines that the document and the user are valid, and acquires the encrypted public key and the authorization code.
The platform businessmen can avoid the malicious downloading of the document by limiting the access amount of the same client or the same user in unit time, and can clearly determine the copyright ownership of the electronic document by watermarking the document, so that the document can be used for obtaining evidence after piracy occurs.
The communication protocol is completed by adopting an HTTPS protocol so as to ensure the safety and reliability of the transmitted information.
In summary, by means of the above technical solution of the present invention, a basic document encryption scheme is provided, and meanwhile, an authorization management scheme for all usage scenarios is also provided; under the environment of developing and using the universal reader, a purchaser and a reader of a shared document only need to master the familiar reader, a content provider and a platform provider only need to establish an authorization center, and even authorization can be trusteed to a third-party authorization center, so that the technical difficulty of the content provider and the platform provider in participating in document sharing is greatly reduced. .
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (10)
1. An encrypted electronic document sharing method based on multi-level authorization is characterized by comprising the following steps:
s1, creating application on the virtual platform, and enabling a reader developer to obtain corresponding identity identification information and an authorization code decryption private key;
s2, acquiring a shared document file through a network, wherein the shared document file is encrypted in advance;
and S3, the virtual platform performs identity authentication on readers sharing the document file.
2. The method for sharing an encrypted electronic document based on multi-level authorization according to claim 1, wherein in the S1, the virtual platform includes a sharing platform and a selling platform.
3. The encrypted electronic document sharing method based on multi-level authorization according to claim 1, wherein in the S2, the shared document file is encrypted in advance by AES.
4. The method for sharing an encrypted electronic document based on multi-level authorization according to claim 1, wherein in the S3, the authorization code is immediately obtained without requiring identity authentication for readers of the shared document file.
5. The method for sharing an encrypted electronic document according to claim 4, wherein in the step S3, the reader of the shared document file needs identity authentication, further authentication is performed in the virtual platform authentication center, and the authorization code is obtained again, wherein the authorization code is encrypted by the public key of the decryption private key pair.
6. The method according to claim 5, wherein in S3, after the identity authentication is successful, the document is read, the document code and the authorization address of the shared document file on the virtual platform are obtained in the package portion of the shared document file, and the authorization code is obtained at the authorization address specified by the virtual platform through the document code and the identity information, the virtual platform limits the access amount of the same user in a unit time, and adds a watermark to the shared document file.
7. The method for sharing the encrypted electronic document based on the multi-level authorization according to claim 2, wherein the virtual platform is a sharing platform, the sharing platform and a reader reading the document cache identity information through a token, and an authorization code is obtained through the document code, the identity identification information and the token at an authorization address specified by the virtual platform.
8. The method for sharing the encrypted electronic document based on the multi-level authorization according to claim 7, wherein the token is not invalidated, and the virtual platform directly obtains the authorization code; and if the token is invalid, the identity authentication needs to be carried out again, and a new token and an authorization code are obtained after the identity authentication is successful.
9. The method for sharing the encrypted electronic document based on the multilevel authorization according to claim 2, wherein the virtual platform is a sales platform, the reader encrypts a private key through an authorization code to decrypt an authorization token, obtains a document code and an authorization address distributed by a third party at a package part of a shared document file, and obtains the authorization code of the third party from the document code and the token to an authorization address specified by the third party; and the third party verifies on the sales platform through the token, determines that the document and the user are valid, and acquires the encrypted public key and the authorization code.
10. The method for sharing the encrypted electronic document based on the multi-level authorization according to claim 8 or 9, wherein the reader receives an authorization code, decrypts the authorization code by a private key through the authorization code, and inputs the authorization code for normal reading.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110292394.2A CN113032826B (en) | 2021-03-18 | 2021-03-18 | Multi-level authorization-based encrypted electronic document sharing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110292394.2A CN113032826B (en) | 2021-03-18 | 2021-03-18 | Multi-level authorization-based encrypted electronic document sharing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113032826A true CN113032826A (en) | 2021-06-25 |
| CN113032826B CN113032826B (en) | 2022-08-23 |
Family
ID=76471556
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110292394.2A Active CN113032826B (en) | 2021-03-18 | 2021-03-18 | Multi-level authorization-based encrypted electronic document sharing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113032826B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113343218A (en) * | 2021-08-03 | 2021-09-03 | 深圳市知酷信息技术有限公司 | Data security sharing platform based on internet online document |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060020803A1 (en) * | 2004-07-06 | 2006-01-26 | Zih Corp. | Systems and methods for authentication of items or documents |
| US20070033637A1 (en) * | 2005-08-04 | 2007-02-08 | Toshiba Corporation And Toshiba Tec Kabushiki Kaisha | System and method for securely sharing electronic documents |
| CN102347836A (en) * | 2010-04-30 | 2012-02-08 | 龚华清 | Electronic document protected view system and method |
| CN102819704A (en) * | 2012-07-20 | 2012-12-12 | 北京亿赛通科技发展有限责任公司 | Document copyright protection method for intelligent terminal |
| CN103595721A (en) * | 2013-11-14 | 2014-02-19 | 福建伊时代信息科技股份有限公司 | Safe sharing method, sharing device and sharing system for files of network disk |
| CN104408379A (en) * | 2014-10-14 | 2015-03-11 | 国家电网公司 | Multi-stage signature method for electronic document on the basis of workflow |
| CN112087463A (en) * | 2020-04-30 | 2020-12-15 | 广州知弘科技有限公司 | Encryption method based on big data cloud platform system |
-
2021
- 2021-03-18 CN CN202110292394.2A patent/CN113032826B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060020803A1 (en) * | 2004-07-06 | 2006-01-26 | Zih Corp. | Systems and methods for authentication of items or documents |
| US20070033637A1 (en) * | 2005-08-04 | 2007-02-08 | Toshiba Corporation And Toshiba Tec Kabushiki Kaisha | System and method for securely sharing electronic documents |
| CN102347836A (en) * | 2010-04-30 | 2012-02-08 | 龚华清 | Electronic document protected view system and method |
| CN102819704A (en) * | 2012-07-20 | 2012-12-12 | 北京亿赛通科技发展有限责任公司 | Document copyright protection method for intelligent terminal |
| CN103595721A (en) * | 2013-11-14 | 2014-02-19 | 福建伊时代信息科技股份有限公司 | Safe sharing method, sharing device and sharing system for files of network disk |
| CN104408379A (en) * | 2014-10-14 | 2015-03-11 | 国家电网公司 | Multi-stage signature method for electronic document on the basis of workflow |
| CN112087463A (en) * | 2020-04-30 | 2020-12-15 | 广州知弘科技有限公司 | Encryption method based on big data cloud platform system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113343218A (en) * | 2021-08-03 | 2021-09-03 | 深圳市知酷信息技术有限公司 | Data security sharing platform based on internet online document |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113032826B (en) | 2022-08-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7975312B2 (en) | Token passing technique for media playback devices | |
| US6684198B1 (en) | Program data distribution via open network | |
| US8549606B2 (en) | Device for protecting digital content, device for processing protected digital content, method for protecting digital content, method for processing protected digital content, storage medium storing program for protecting digital content, and storage medium storing program for processing protected digital content | |
| RU2504005C2 (en) | Digital rights management apparatus and method | |
| JP4366037B2 (en) | System and method for controlling and exercising access rights to encrypted media | |
| US20060173787A1 (en) | Data protection management apparatus and data protection management method | |
| EP1126355A1 (en) | Method and system for distributing programs using tamper resistant processor | |
| JP2018152077A (en) | Methods and apparatus for protected distribution of applications and media content | |
| JP5626816B2 (en) | Method and apparatus for partial encryption of digital content | |
| JP2005080315A (en) | System and method for providing service | |
| JP2006099509A (en) | Information management device and method, and program | |
| JP2002229861A (en) | Recording device with copyright protecting function | |
| CN103237010B (en) | The server end of digital content is cryptographically provided | |
| JP2000010929A (en) | Contents server, terminal device and contents transmission system | |
| JP2001244925A (en) | System and method for managing enciphered data and storage medium | |
| CN106656955A (en) | Communication method and system and user terminal | |
| CN112004201A (en) | Short message sending method and device and computer system | |
| CN113032826B (en) | Multi-level authorization-based encrypted electronic document sharing method | |
| KR101858562B1 (en) | Security system for selling and using e-training contents | |
| JP2007515723A (en) | Software execution protection using active entities | |
| CN114546506B (en) | Authorization method, device, equipment and medium for embedded operating system | |
| CN115225286A (en) | Application access authentication method and device | |
| KR100467570B1 (en) | Security service method for digital content and system therefor | |
| JP2004347636A (en) | Ticket processing system and method therefor | |
| JP2003348069A (en) | Method and device for distributing contents, storage medium and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |